diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2012-04-15 15:29:50 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-04-15 16:06:51 +0200 |
| commit | b962932cba61f06c8da3e7f70e519dec1c1dd88a (patch) | |
| tree | 22fbd8d2ace6d70b978d949aa41c1460d03606f3 | |
| parent | 34123ab9795a802b5840889ac3bca5caa025c57c (diff) | |
| download | ffmpeg-b962932cba61f06c8da3e7f70e519dec1c1dd88a.tar.gz | |
eatgv: check vector_bits
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/eatgv.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/eatgv.c b/libavcodec/eatgv.c index 65a3ad0ed1..01d0489c4c 100644 --- a/libavcodec/eatgv.c +++ b/libavcodec/eatgv.c @@ -157,6 +157,11 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b vector_bits = AV_RL16(&buf[6]); buf += 12; + if (vector_bits > MIN_CACHE_BITS || !vector_bits) { + av_log(s->avctx, AV_LOG_ERROR, "vector_bits %d invalid\n", vector_bits); + return AVERROR_INVALIDDATA; + } + /* allocate codebook buffers as necessary */ if (num_mvs > s->num_mvs) { s->mv_codebook = av_realloc(s->mv_codebook, num_mvs*2*sizeof(int)); |